hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ramkrishna.s.vasudevan (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-10885) Support visibility expressions on Deletes
Date Thu, 03 Apr 2014 07:43:15 GMT

    [ https://issues.apache.org/jira/browse/HBASE-10885?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13958607#comment-13958607
] 

ramkrishna.s.vasudevan commented on HBASE-10885:
------------------------------------------------

Doing like what ACL does may be easier because we could see which subject issues the delete.
 If a super user/admin that makes the put does the delete then we can just allow the delete
to happen.
So assume we have user A with labels CONFIDENTIAL  associated with him.
And there is a Put already done with row1, cf1, q1, CONFIDENTIAL and another version
row1,cf1,q1, TOPSECRET&CONFIDENTIAL
If suppose user A tries to issue a delete ( not using Cellvisibility) - by using the labels
associated with User A we could find that we will not be able to delete this row. Because
one of the versions has additional labels associated with it.
But allowing the delete to be added and then verifying the visibility expression during compaction
time - then we may have to handle the logic of deletes and corresponding puts in the compaction
scanner hook that we create.  Also what about the scans that happens? May be there is a matching
delete for a put with exactly same visibility expression, ideally the scan should not return
that KV.  
Apart from this with the ACL delete handling case, some doubts regarding the handling of the
deleteColumn() -  which deletes only the latest version.  But with the current implementation
even though the current version allows the delete with valid permissions for the user, because
there is an older version with lesser permission we deny the delete.  Is that valid? same
applies with deleteFamily() also.


> Support visibility expressions on Deletes
> -----------------------------------------
>
>                 Key: HBASE-10885
>                 URL: https://issues.apache.org/jira/browse/HBASE-10885
>             Project: HBase
>          Issue Type: Improvement
>    Affects Versions: 0.98.1
>            Reporter: Andrew Purtell
>            Assignee: ramkrishna.s.vasudevan
>             Fix For: 0.99.0, 0.98.2
>
>
> Accumulo can specify visibility expressions for delete markers. During compaction the
cells covered by the tombstone are determined in part by matching the visibility expression.
This is useful for the use case of data set coalescing, where entries from multiple data sets
carrying different labels are combined into one common large table. Later, a subset of entries
can be conveniently removed using visibility expressions.
> Currently doing the same in HBase would only be possible with a custom coprocessor. Otherwise,
a Delete will affect all cells covered by the tombstone regardless of any visibility expression
scoping. This is correct behavior in that no data spill is possible, but certainly could be
surprising, and is only meant to be transitional. We decided not to support visibility expressions
on Deletes to control the complexity of the initial implementation.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message